In the CreditDelegationBranch.sol contract, the function settleVaultsDebt loops over an array of vault IDs, which introduces the potential for a gas-limit-exhaustion denial-of-service attack.
The function settleVaultsDebt loops over an array of vault IDs.
If a very large array of vault IDs is passed (either maliciously or by accident), the gas cost may exceed the block gas limit, causing the function to revert. An attacker could intentionally bloat the list (or force the engine to have too many vaults connected) to cause a denial-of-service (DoS) on debt settlement operations.
Denial-of-Service:
Critical operations (such as settling debt) could be blocked if the gas cost becomes too high, potentially leaving vaults in an inconsistent state and halting further operations until manual intervention occurs.
System Degradation:
Over time, if many vaults accumulate, routine debt settlement may become increasingly expensive, affecting protocol performance.
Manual review.
Consider limiting the number of vaults processed per transaction or introducing pagination to avoid potential DoS from overly long loops.
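Both mitigations are sketched below as an added example, not code from the audited project: a hard cap on a caller-supplied list, and a cursor-based paginated sweep over stored vaults. The contract, function names, the cap value and the `_settleVault` placeholder are all hypothetical, and access control is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative sketch only; every name here is hypothetical.
contract BoundedDebtSettlement {
    uint256 public constant MAX_VAULTS_PER_CALL = 32; // assumed cap; derive from gas measurements

    uint128[] private connectedVaultIds; // stand-in for the engine's connected vaults
    uint256 public nextIndex;            // cursor for the paginated sweep

    error TooManyVaults(uint256 given, uint256 max);
    event VaultSettled(uint128 indexed vaultId);

    /// Registration helper for the sketch; a real system would restrict the caller.
    function addVault(uint128 vaultId) external {
        connectedVaultIds.push(vaultId);
    }

    /// Option 1: caller-supplied list, rejected up front if it exceeds the cap.
    function settleVaultsDebtBounded(uint128[] calldata vaultIds) external {
        if (vaultIds.length > MAX_VAULTS_PER_CALL) {
            revert TooManyVaults(vaultIds.length, MAX_VAULTS_PER_CALL);
        }
        for (uint256 i = 0; i < vaultIds.length; ++i) {
            _settleVault(vaultIds[i]);
        }
    }

    /// Option 2: paginated sweep; each call does bounded work and resumes
    /// where the previous call stopped, wrapping at the end of the list.
    function settleNextPage(uint256 pageSize) external returns (uint256 settled) {
        if (pageSize > MAX_VAULTS_PER_CALL) pageSize = MAX_VAULTS_PER_CALL;
        uint256 total = connectedVaultIds.length;
        if (total == 0 || pageSize == 0) return 0;

        uint256 start = nextIndex >= total ? 0 : nextIndex; // also covers a shrunken list
        uint256 end = start + pageSize > total ? total : start + pageSize;
        for (uint256 i = start; i < end; ++i) {
            _settleVault(connectedVaultIds[i]);
        }
        nextIndex = end == total ? 0 : end;
        return end - start;
    }

    function _settleVault(uint128 vaultId) internal {
        // Placeholder for the per-vault settlement logic.
        emit VaultSettled(vaultId);
    }
}
```

With either option the worst-case gas per call is fixed by `MAX_VAULTS_PER_CALL` rather than by the number of vaults connected, so growth in the vault set only increases the number of calls needed.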